Intex Router N-150 – Arbitrary File Upload

Exploit Database
36 阅读

作者： Samrat Das

日期： 2018-06-25
类别：
- webapps
平台：
- hardware
来源：https://www.exploit-db.com/exploits/44939/

# Exploit Title: Intex Router N-150 - Arbitrary File Upload
# Date: 2018-06-23
# Exploit Author: Samrat Das
# Version: N-150
# CVE : N/A
# Category: Router Firmware

# 1. Description
# The firmware allows malicious files to be uploaded without any checking of
# extensions and allows filed to be uploaded.

# 2. Proof of Concept

- Visit the application
- Go to the advanced settings post login
- Under backup- restore page upload any random file extension and hit go.
- Upon the file being upload, the firmware will get rebooted accepting the arbitrary file.

last Exploits
Intex Router N-150 – Arbitrary File Upload的更多信息

Basic Analysis and Security Engine (BASE) 1.4.5 – ‘base_main.php?base_path’ Remote File Inclusion：
Shape Web Solutions CMS – SQL Injection：
Kimai-1.30.10 – SameSite Cookie-Vulnerability session hijacking：
Joomla! Component Picasa 2.0 – Local File Inclusion：
Bangresto 1.0 – SQL Injection：
Mitsubishi Electric smartRTU / INEA ME-RTU – Unauthenticated OS Command Injection Bind Shell：
Joomla! Component com_s5clanroster – Local File Inclusion：
Workout Journal App 1.0 – Stored XSS：